ABSTRACT

A system and method for controlling access to computer 
resources of a computer is disclosed. The access control 
program preferably includes a plurality of program 
components, which may be terminate stay resident (TSR) 
programs, for intercepting interrupt service calls. The
interrupt service calls are verified to determine whether the user
is authorized for the resource requested in the service call.
The program components use files containing a list of 
authorized resources for the computer user. These files are, 
preferably, used at system initialization to modify the system 
resource files used by the operating system to identify 
program and program groups which are displayed to a user. 
A boot protection program is also disclosed which may be 
installed with the access control program to prevent a boot 
program stored on media within the diskette drive from 
acquiring control of the system during system initialization. 
The boot protection program corrupts the master boot 
record, boot record and partition table so that other boot 
programs do not have sufficient information to initialize the 
system. The master boot program is modified to access this 
requisite information elsewhere during system initialization. 
SYSTEM AND METHOD FOR
CONTROLLING ACCESS TO PERSONAL 
COMPUTER SYSTEM RESOURCES 

FIELD OF THE INVENTION

This invention relates to control of local resources on a 
personal computer and, more particularly, to control of user 
authorization and access to local resources on a personal 
computer. 

BACKGROUND OF THE INVENTION 

The personal computer, or PC, was first introduced in the 
early 1980s. These systems generally include a hardware 
platform of a processor, memory and input/output periph- 
erals that support local resources such as a display monitor, 
keyboard, hard disk drive, a diskette drive and communication
ports. This hardware platform is controlled by an
operating system. The operating system is software which
controls the interaction between a user and the local
resources. Usually this control is performed by controlling
the communication interface between utility programs for
the local resources and application programs executing on
the system.

The number and type of application programs available
for a user shortly after the introduction of the PC were not
too many or diverse. As a result, the operating system for a
PC generally permitted any authorized user to access any
resource or file available on the system. However, as PCs
proliferated, the number of companies which made software
for the systems and the types of software offered for the 
systems also increased. For example, adult users began to 
use various financial analysis, organizational, and word 
processing programs to keep financial records, organize 
housekeeping or family schedule information and create 
documents for home and family functions. Adolescents used 
word processing programs and resource programs such as 
multimedia encyclopedias to generate reports for school. For 
younger children, programs for educational interaction or 
edutainment became commonplace. Thus, all members of a
family had a use for the PC and began to need access to the
system.

While all family members may have a need for access to
the PC, not all members need access to all the resources on
a PC. For example, the adults in a family have concerns that
the bank records and check balancing files may be inadvertently
destroyed by a younger member of the family. Thus,
there is a need to segregate files for one user on a PC from
the other users. One way to keep a user from accessing
certain files is to keep the user from gaining access to the
application program that modifies the content of the file.
Programs which control access to application programs are
known which require a user to enter a password before the
operating system activates the program for the user. If the
user does not enter the correct password, the requested
program is not activated. Without being able to use the
program that manipulates the file contents, the user is
discouraged from trying to access a particular file.

There are a number of limitations to this protection
scheme. For one, all users see all of the application programs
that are available on the system. Of course, if a user does not
know the password for a program, the user quickly learns
that the program is not accessible. For some users this may
be satisfactory; however, some inquisitive and talented users
may consider the denial of access to a program a challenge.
The attempts of such users to circumvent the protection
program may result in damage beyond the few files to which
the user was being denied access. Another limitation is that
the user may legitimately need access to an application file 
but not to all of the files which may be manipulated by the 
application program. For example, an adolescent user may 
require access to the word processing program to generate a 
paper for school but not the letter containing details of a 
personal matter being discussed with a counselor for another 
member of the family. Programs which use a password to 
limit access to a file are also known but these programs also 
notify a user of his or her unauthorized status for the file 
which may result in attempts to break the access lock. 
Accordingly, there is a need for denying access to programs 
or files on a PC without informing the user of the denied 
access or of the program's or file's existence.

Recently, interest in the Internet and the World Wide Web 
(WWW) has resulted in millions of PC users purchasing 
subscriptions to Internet services, browsers for viewing Web 
sites and high speed modems for downloading files to a PC. 
While the information services available over the Internet 
and WWW can be a useful educational supplement to the 
programs already available on a user's system, there are also 
sites and services which are not desirable for all members of
a family. For example, sexually explicit sites are accessible
over the Internet and WWW. Also, some discussion or talk
groups may be used by unscrupulous people to contact
adolescents or young children so they may later meet the
adolescents or children without adult supervision. Thus,
there is a need for controlling which users may access the
programs and communication resources required for Inter- 
net and WWW access. 

Granting a user access to certain programs or files should 
not mean that the user's access rights are unqualified. For 
example, a parent may wish to deny access to the game 
programs available on a PC during the afternoon hours for 
a school age family member but would like to encourage the 
use of the PC for preparation of the student's work. 
However, the parent may want to grant access to the games 
after completion of the student 's homework as a reward for 
a job well done. Currently, a parent would not be able to 
achieve such time selective control over the programs, files 
and resources of a PC in an automatic manner. 

Some users, who become aware of resources to which 
they are denied access, attempt to circumvent access control 
systems and methods by aborting operating system opera- 
tion and rebooting the system. The user may then attempt a 
number of methods for obtaining access to the denied 
resource. One method is to let the reboot proceed until the 
operating system is loaded but terminate the reboot before 
the user interface program begins execution. Usually the 
user interface or some program associated with it performs 
the access control function. By terminating the reboot prior 
to the user interface activation, a user knowledgeable about 
operating system commands may use the operating system 
to explore the resources available on the system. The user
may even be able to modify the access control program to
grant the user rights to resources previously denied to the 
user. Another method of obtaining unauthorized access is to 
place a system disk containing a system initialization pro- 
gram written by the user in the diskette drive of the system. 
Most PCs examine the diskette drive for a system initial- 
ization program following execution of the Basic Input and 
Output System (BIOS) program. The BIOS program is a low 
level program that initializes and verifies basic input and 
output functions of the PC and then relinquishes control for 
the remainder of system initialization. If the user's system
initialization file on the diskette drive is executed before the
initialization file on the hard disk is started, then the user
may prevent the user interface and access control program
from being executed. 

One known way of preventing a system boot from a
diskette drive is to install an extended BIOS card and
program. Such cards and programs are set forth in U.S. Pat.
Nos. 4,951,249 and 5,113,442. These devices modify the
interrupt vectors for the hard disk and keyboard so that the
new routines executed in response to these interrupts do not
permit a user to gain unencumbered access to the operating
system or hard drive. While these devices may be effective,
they both require an expansion card which must be inserted
in the expansion card bus. Thus, these devices take a card
slot which may be otherwise used to enhance the performance
of the PC. Additionally, such devices may be defeated
by powering down the system and simply removing the
expansion card. What is needed is a way of preventing a
system boot from a diskette drive without adding a hardware
component to the system which may be removed to defeat
the system.

At the time that PCs were introduced into the market place 
the Disk Operating System (DOS) was frequently used for 
the systems. Because many users found DOS commands 
cryptic or difficult to understand, user interfaces which
communicated between a user and DOS were developed. 
The interface which is installed in many, if not most, of the 
PCs today is the Windows program interface from Microsoft 
of Redmond, Washington. The Windows program facilitates 
a user's interaction with a PC because it permits a user to
activate programs by simply placing a cursor over an icon by 
using a mouse and activating the program by depressing a 
button on the mouse. Selections within a program are 
provided by the Windows program in like manner through a 
Graphical User Interface (GUI). Thus, many PC users view 
Windows as an operating system, even though it is an 
interface between GUI and DOS programs. However, some
users see Windows as an unsecured access port to a PC. To
gain access to the PC, such users abnormally terminate a
program or terminate the execution of the Windows program
itself, to gain access to DOS. Since these users are familiar
with DOS, they may then investigate the PC and its 
resources without intervention from an access control com- 
ponent of the Windows program. What is needed is an access 
control program that is seamless across the Windows/DOS 
interface. 

As can be ascertained from the discussion above, there is 
a need for a PC access control system and method that can 
limit each user to a predefined set of resources on the PC 
without informing the user of the resources not available to 
the user. There is a need for a PC access control system and 
method that permits time selective control over a PC's 
resources. There is also a need to prevent a system boot from
a program stored on media in the diskette drive of the PC. 
There is also a need for a PC access control system and 
method which provides seamless access control over a 
Windows/DOS interface in a PC. 

SUMMARY OF THE INVENTION 

The above limitations of previously known PC access 
control systems are overcome by a system and method 
implemented in accordance with the principles of the present 
invention. The method of the present invention includes the 
steps of storing a user identifier and a list of computer 
resources for each user of a PC system, displaying only the 
computer resources in the list corresponding to the user 
identifier for the user active on the PC system so that the user 
active on the PC system only sees the resources which the 
user may access, and limiting said active user's access to the
computer resources in the list of computer resources stored
with the user identifier.

This inventive method does not indicate to a user on a PC
system the other resources on the system which are not
accessible by the user. Accordingly, there is a reduced
likelihood that the user knows what other resources are on
the PC system and this in turn reduces the likelihood that the
user will attempt to gain access to the other resources on the
system. On PCs implementing a Windows program type
interface, the list of the computer resources is preferably
kept in files which are used to modify Group and INI files
through the Dynamic Data Exchange (DDE). The modified
system files are used to display group and program icons
which may be activated by a user to launch a program. Once
the system files have been modified, the access control
program prevents a user from restoring deleted group
displays and programs to the system files. Thus, the user
cannot restore deleted group displays and programs even if
the user knows the file names for deleted resources. To
restore the system files for the next user, the method of the
present invention encrypts and stores an unabridged version
of the system files which contain all of the groups and
programs which are available on the system to a user having
no limitations. At the system start-up for each user, the
method retrieves and decrypts the unabridged version and
deletes those programs and groups not contained in the
corresponding list for the user. In this way, the system may
be configured to only display the authorized resources for
each user without losing a reference to all programs and
groups possible on the system.
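The following C program is an added illustration and is not part of the patent or of the product it describes. It shows the abridgement step just described for the Windows 3.x Program Manager group file: the unabridged PROGMAN.INI text, the list of groups hidden from one user and the helper names are constructed for the example, and strcasecmp/strncasecmp from POSIX <strings.h> are assumed to be available. The encryption of the unabridged copy and the DDE traffic that hands the abridged file to Program Manager are outside the example.

```c
/* Added example (not the patent's code): building the abridged group list
 * that Program Manager shows one user.  The unabridged PROGMAN.INI text
 * below is constructed for the example; real files carry more keys. */
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp/strncasecmp: POSIX, assumed available */

#define MAX_LINE 256

/* Nonzero if `line` is a "GroupN=<file>" entry whose file name (the part
 * after '=') appears in the hidden list, compared case-insensitively. */
static int group_is_hidden(const char *line, const char *const *hidden, size_t nhidden)
{
    const char *eq = strchr(line, '=');
    if (strncasecmp(line, "Group", 5) != 0 || eq == NULL)
        return 0;
    for (size_t i = 0; i < nhidden; i++)
        if (strcasecmp(eq + 1, hidden[i]) == 0)
            return 1;
    return 0;
}

/* Copies `unabridged` to `out`, dropping hidden group entries inside the
 * [Groups] section and leaving every other section untouched.
 * Returns the number of group entries kept, or -1 if `out` is too small. */
int abridge_groups(const char *unabridged, const char *const *hidden, size_t nhidden,
                   char *out, size_t outcap)
{
    char line[MAX_LINE];
    int in_groups = 0, kept = 0;
    size_t used = 0;
    const char *p = unabridged;

    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (len >= MAX_LINE) return -1;
        memcpy(line, p, len);
        line[len] = '\0';
        p += len + (nl ? 1 : 0);

        if (line[0] == '[')                        /* section header */
            in_groups = (strcasecmp(line, "[Groups]") == 0);

        if (in_groups && group_is_hidden(line, hidden, nhidden))
            continue;                               /* the user never sees it */
        if (in_groups && strncasecmp(line, "Group", 5) == 0 && strchr(line, '='))
            kept++;

        if (used + len + 1 >= outcap) return -1;
        memcpy(out + used, line, len);
        used += len;
        out[used++] = '\n';
    }
    out[used] = '\0';
    return kept;
}

/* Constructed sample: the unabridged file, with every group, as kept for
 * the Primary User. */
const char *UNABRIDGED_PROGMAN_INI =
    "[Settings]\n"
    "Window=68 63 636 421 1\n"
    "[Groups]\n"
    "Group1=C:\\WINDOWS\\MAIN.GRP\n"
    "Group2=C:\\WINDOWS\\GAMES.GRP\n"
    "Group3=C:\\WINDOWS\\FINANCE.GRP\n"
    "Group4=C:\\WINDOWS\\SCHOOL.GRP\n";

int main(void)
{
    /* Hypothetical hidden list for a student user. */
    const char *hidden_for_student[] = { "C:\\WINDOWS\\GAMES.GRP",
                                         "C:\\WINDOWS\\FINANCE.GRP" };
    char abridged[1024];
    int kept = abridge_groups(UNABRIDGED_PROGMAN_INI, hidden_for_student, 2,
                              abridged, sizeof abridged);
    printf("kept %d groups:\n%s", kept, abridged);
    return kept < 0;
}
```

Everything outside the [Groups] section is copied through unchanged and the unabridged text is never modified, so the Primary User's copy can be re-abridged for the next user at the next start-up; the hidden entries simply do not exist in the file the interface reads, which is what keeps the user from learning that those groups are on the system.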

The method of the present invention is preferably implemented
with three program components. One program component
maintains a memory map for the address space for
which a user is authorized. A second program component
monitors all DOS or Windows file management access calls
and verifies whether the user is authorized to access a file,
directory, drive, or port. A third program component monitors
all BIOS functions and verifies whether the requested
access is authorized. As a result, system calls which a
knowledgeable user may attempt to execute through user
written programs, abnormally terminated programs, DOS or
Windows system calls, or BIOS functions are trapped by one
of the program components. The program components
respond with error messages for resources for which the user
is not authorized. An additional benefit of this preferred
implementation is that each program component verifies the
existence of the other two program components whenever
one program component is executed. This protects against a
user modifying one program component in an effort to
circumvent the system. Whenever an uncorrupted program
component executes, it would detect the change in the other
program components and immediately execute a system
reset. The initialization following system reset restores the
program components from the hard disk. Most preferably,
the program components in the Windows 3.x environment
are implemented with terminate stay resident (TSR) programs
while virtual device driver (VxD) programs are used in the
Windows 95 environment.
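As an added example that is not the patent's own code, the following C program shows the decision the second program component makes when it traps a DOS file management call, before either chaining to the original INT 21h handler or returning an error to the caller. The DOS function numbers are the standard ones; the per-user policy table, the directory names and the choice of DOS error 5 (access denied) as the returned error are assumptions made for the example, and strcasecmp/strncasecmp from POSIX <strings.h> are assumed to be available. The mutual verification of the three components and the BIOS-level hooks are not shown.

```c
/* Added example, not the patent's code: the authorization decision an
 * INT 21h hook makes before chaining to the original DOS handler.
 * Function numbers are the standard DOS ones (39h mkdir, 3Ah rmdir,
 * 3Bh chdir, 3Ch create, 3Dh open, 41h delete, 56h rename); the
 * per-user policy, the directory names and the error code returned
 * for a denied request are constructed for the example. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>                  /* strcasecmp/strncasecmp (POSIX) */

#define DOS_ERR_ACCESS_DENIED 5       /* AX when the hook returns with carry set */

enum access { ACCESS_NONE, ACCESS_READ, ACCESS_FULL };

struct dir_rule { const char *prefix; enum access access; };

struct user_policy {
    const char *name;
    const char *allowed_drives;       /* "C": every other drive letter is blocked */
    const struct dir_rule *dirs;      /* longest matching prefix wins */
    size_t ndirs;
    const char *const *allowed_ports; /* DOS device names such as "LPT1" */
    size_t nports;
};

/* One intercepted call: AH selects the function, AL is the open mode
 * for 3Dh (0 read, 1 write, 2 read/write), path is the DS:DX string. */
struct dos_request { unsigned char ah, al; const char *path; };

static int is_write_call(const struct dos_request *r)
{
    switch (r->ah) {
    case 0x39: case 0x3A: case 0x3C: case 0x41: case 0x56: return 1;
    case 0x3D: return (r->al & 0x03) != 0;
    default:   return 0;
    }
}

/* Case-insensitive containment test on a path component boundary, so
 * "C:\GAMES" covers "C:\GAMES\DOOM.EXE" but not "C:\GAMESX\README". */
static int path_in_dir(const char *path, const char *prefix)
{
    size_t n = strlen(prefix);
    for (size_t i = 0; i < n; i++)
        if (toupper((unsigned char)path[i]) != toupper((unsigned char)prefix[i]))
            return 0;
    return path[n] == '\0' || path[n] == '\\';
}

/* Returns 0 when the call may be passed to DOS, otherwise the DOS error
 * code the hook returns in its place.  Paths are assumed fully qualified
 * ("C:\DIR\FILE"); a real hook must first expand relative paths against
 * the current directory of each drive, or the rules below are bypassed
 * by a plain CD. */
int filter_dos_call(const struct user_policy *u, const struct dos_request *r)
{
    const char *p = r->path;
    if (p == NULL) return 0;                           /* no resource named */

    if (strlen(p) == 4 &&
        (strncasecmp(p, "COM", 3) == 0 || strncasecmp(p, "LPT", 3) == 0)) {
        for (size_t i = 0; i < u->nports; i++)         /* port list decides */
            if (strcasecmp(p, u->allowed_ports[i]) == 0) return 0;
        return DOS_ERR_ACCESS_DENIED;
    }
    if (p[0] != '\0' && p[1] == ':' &&
        strchr(u->allowed_drives, toupper((unsigned char)p[0])) == NULL)
        return DOS_ERR_ACCESS_DENIED;                  /* blocked drive */

    const struct dir_rule *best = NULL;                /* most specific rule */
    for (size_t i = 0; i < u->ndirs; i++)
        if (path_in_dir(p, u->dirs[i].prefix) &&
            (best == NULL || strlen(u->dirs[i].prefix) > strlen(best->prefix)))
            best = &u->dirs[i];
    if (best == NULL)                return 0;         /* unrestricted */
    if (best->access == ACCESS_NONE) return DOS_ERR_ACCESS_DENIED;
    if (best->access == ACCESS_READ && is_write_call(r))
                                     return DOS_ERR_ACCESS_DENIED;
    return 0;
}

/* Constructed profile for a student user of the kind described above. */
static const struct dir_rule student_dirs[] = {
    { "C:\\FINANCE",          ACCESS_NONE },  /* bank records: never reachable */
    { "C:\\CONHIDE",          ACCESS_NONE },  /* the access control program itself */
    { "C:\\SHARED",           ACCESS_READ },  /* another user's shared directory */
    { "C:\\SHARED\\HOMEWORK", ACCESS_FULL },  /* granted back below a read-only parent */
};
static const char *const student_ports[] = { "LPT1" };
const struct user_policy STUDENT = { "student", "C", student_dirs, 4, student_ports, 1 };

int main(void)
{
    struct dos_request reqs[] = {
        { 0x3D, 0x00, "C:\\SHARED\\NOTES.TXT" },           /* read: passes */
        { 0x3D, 0x01, "C:\\SHARED\\NOTES.TXT" },           /* write: denied */
        { 0x3C, 0x00, "C:\\SHARED\\HOMEWORK\\ESSAY.TXT" }, /* create: passes */
        { 0x3D, 0x00, "C:\\FINANCE\\CHECKS.DAT" },         /* denied */
        { 0x3D, 0x00, "A:\\BOOT.COM" },                    /* drive A blocked */
        { 0x3D, 0x02, "COM2" },                            /* port not listed */
    };
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++)
        printf("AH=%02Xh %-32s -> %s\n", reqs[i].ah, reqs[i].path,
               filter_dos_call(&STUDENT, &reqs[i]) ? "denied" : "pass to DOS");
    return 0;
}
```

The check is deliberately done on fully qualified paths: a hook that compared the raw DS:DX string would be bypassed by a user who changes the current directory and then opens a relative name, so a real implementation expands the path against the per-drive current directory before applying the rules. The longest-prefix rule is what lets a parent directory be read-only while one subdirectory below it is writable, which matches the shared private directory settings described later in this document.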

The system of the invention also uses the DOS
Protected Mode Interface (DPMI) to restrict access to a user
regardless of whether DOS or the Windows interface program
is operating. Normally, DOS and Windows programs
execute in mutually exclusive address spaces. For that
reason, an exit from the Windows operating environment
would cause the DOS programs to execute without access to
the restricted use lists that had been used in the Windows
environment. However, the program component that implements
the operating environment change provides the
addresses of the program component memory space to the
DPMI of the Intel or Intel equivalent processor. This permits
the program components to continue to execute with access
to the restricted lists even though the operating environment
has changed.

The method of the present invention may be further
supplemented by a boot program protection method which
prevents a boot program stored on media within a diskette
drive from initializing the system. The boot program protection
method includes storing the master boot record and
partition table of the system hard drive in a non-standard
location on the hard drive. This means that a system initialization
program implementing the method of the present
invention knows where to access the master boot record and
partition table to initialize the system. To prevent a
user boot program which may attempt to intervene during
system initialization, the method of the present invention
removes hard disk size and format data from the boot record
and encrypts the partition table at the standard location on
the hard disk. At system initialization, the master boot record
restores the boot record as it can ascertain the location of
files on the hard disk needed for system startup such as
CONFIG.SYS and others. This software only protection
scheme is more simple to install and more difficult to defeat
than the previously known methods which require the addition
of an expansion card or the like.

The system of the present invention includes a computer
program that resides on the hard disk of the PC system. The
program includes a primary user module which is used by
the person installing the program to define the programs,
files, directories, times of access, and hardware resources
which may be accessed by each user. These files each
contain a user identifier and list of computer resources
defined as being accessible by the user. These files are
encrypted and stored at locations on the hard drive only
known to the access control program. Since the access
control program may also implement the boot program
protection method as well, there may be further difficulty in
another being able to ascertain the location of the list files on
the hard disk. The program also includes a startup module
which is activated during system startup once a user has
been authorized for system startup. The startup module uses
the identifier corresponding to the authorized user and
retrieves the corresponding list of computer resources. This
list is then used to modify the system files for the user. These
modified files are then stored in memory to be accessed by
the access control program. Thereafter, only the programs
and groups for which the user is authorized are displayed.
Further, any system call for a resource or directory is trapped
by one of the program components of the access control
program which sends an error message in response to a
request for an unauthorized resource.

Thus, the method and system of the present invention
provides an access control program for a PC that may be
tailored to limit access to programs, files and other resources
of the PC differently for each user. Furthermore, the system
maintains a list of the authorized resources for each user
regardless of whether the Windows interface or DOS system
is the active user interface. The invention may also include
a boot protection feature which reduces the likelihood that a
user may interrupt system initialization and gain unauthorized
access to the PC operating system.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a system in which the present
invention is implemented;

FIG. 2 is an illustration of an exemplary display of the
manage user function;

FIG. 3 is an illustration of an exemplary display of a user
profile;

FIG. 4 is an illustration of an exemplary display of a
program group access function;

FIG. 5 is an illustration of an exemplary display of a
program icon access function;

FIG. 6 is an illustration of an exemplary display of a
directory access function;

FIG. 7 is an illustration of an exemplary display of a port
access function;

FIGS. 8A and 8B are flow charts of the process to install a
hard disk protection program in accordance with the principles
of the present invention to reduce the likelihood that a boot
program stored on media in a diskette drive is used to
initialize the system of FIG. 1; and

FIG. 9 is a flow chart of how the hard disk protection
program controls system initialization and transfers control
to the access control program.

DETAILED DESCRIPTION

A personal computer or PC system in which the method
and system of the present invention is implemented is
shown in FIG. 1. The system 10 includes a processor 12,
volatile memory 14, non-volatile memory 16, and I/O
peripherals 18-28, all of which are coupled together by a
system bus 34. Some of the I/O peripherals generate interrupts
which cause the processor to transfer program control
to a predefined location for interrupt processing and eventual
transfer to a routine for servicing the peripheral which
generated the interrupt. For example, an interrupt generated
by a hard disk typically causes the processor to transfer
program control to address 21H. There the environment of
the program currently being executed is saved on the system
stack behind the address of the next instruction to process in
the interrupted program. Control is then transferred to a hard
disk service routine which performs the input or output
operation which resulted in the interrupt. Thereafter, the
environment of the interrupted program is restored, interrupts
reenabled and control transferred to the next instruction
address previously stored on the stack.

The system 10, in which the system and method of the
present invention is used, is preferably a personal computer
(PC) in which the processor 12 is preferably an Intel 80286
or better or equivalent thereof which implements a DOS
Protected Mode Interface (DPMI). Additionally, the method
of the present system is preferably implemented in the
assembler language for processor 12. The assembled code
for the program components used to implement the method,
discussed in more detail below, is stored in files which are
stored on hard disk 18. Preferably, these files are read from
hard disk 18 at system initialization and loaded into memory
for the DOS operating system or Windows interface program.
As known in the art, the memory space of the system
is divided so the DOS operating system memory space is
mutually exclusive of the memory space used by the Windows
interface program. Accordingly, the method of the
present invention preferably uses the DPMI to make active
the memory in which the program components of the present
invention are loaded regardless of whether DOS or Windows
is executing. Preferably, the program components of the
access control program of the present invention are terminate
stay resident (TSR) programs in the Windows 3.x
environment and virtual device driver (VxD) programs in a
Windows 95 system.
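The following C program is an added illustration, not the patent's code, of the partition table relocation on which the boot protection described in the summary rests. It works on an in-memory 512-byte sector: the sample MBR, the buffer standing in for the non-standard location and the function names are constructed for the example. The patent encrypts the table left at the standard location and also removes size and format data from the boot record; the example simply blanks the table and leaves the boot record alone.

```c
/* Added example, not the patent's code: the partition table relocation
 * behind the boot protection described above, on an in-memory 512-byte
 * sector.  The sample MBR and the "hidden" sector buffer are constructed
 * for the example; the patent encrypts the table left in the standard
 * location and also strips size/format data from the boot record, which
 * this example does not reproduce. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE 512
#define PT_OFFSET   0x1BE            /* partition table: 4 entries x 16 bytes */
#define PT_ENTRY    16
#define PT_SIZE     (4 * PT_ENTRY)

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void put_le32(uint8_t *p, uint32_t v)
{
    p[0] = v & 0xFF; p[1] = (v >> 8) & 0xFF; p[2] = (v >> 16) & 0xFF; p[3] = v >> 24;
}

int mbr_signature_ok(const uint8_t *mbr)
{
    return mbr[510] == 0x55 && mbr[511] == 0xAA;
}

uint32_t partition_start_lba(const uint8_t *mbr, int i)
{
    return le32(mbr + PT_OFFSET + i * PT_ENTRY + 8);
}

/* What any generic boot program (the stock MBR code or one on a diskette)
 * does: look for the active primary partition at the standard location.
 * Returns its index 0..3, or -1 when the table describes no bootable disk. */
int find_active_partition(const uint8_t *mbr)
{
    if (!mbr_signature_ok(mbr)) return -1;
    for (int i = 0; i < 4; i++) {
        const uint8_t *e = mbr + PT_OFFSET + i * PT_ENTRY;
        if (e[0] == 0x80 && e[4] != 0 && le32(e + 8) != 0 && le32(e + 12) != 0)
            return i;
    }
    return -1;
}

/* Installation step: copy the table to the non-standard location and blank
 * it at the standard one.  The 55AAh signature is kept so the BIOS still
 * executes the (modified) MBR code on the hard disk. */
void hide_partition_table(uint8_t *mbr, uint8_t *hidden_sector)
{
    memcpy(hidden_sector, mbr + PT_OFFSET, PT_SIZE);
    memset(mbr + PT_OFFSET, 0, PT_SIZE);
}

/* Boot step performed only by the modified MBR code: rebuild the table in
 * the in-memory copy of the MBR from the non-standard location, then
 * continue as a normal boot would.  Returns the active partition index. */
int restore_partition_table(uint8_t *mbr_in_memory, const uint8_t *hidden_sector)
{
    memcpy(mbr_in_memory + PT_OFFSET, hidden_sector, PT_SIZE);
    return find_active_partition(mbr_in_memory);
}

/* Constructed sample: one active FAT16 partition starting at LBA 63 and
 * spanning about 1 GiB of 512-byte sectors. */
void build_sample_mbr(uint8_t *mbr)
{
    memset(mbr, 0, SECTOR_SIZE);
    uint8_t *e = mbr + PT_OFFSET;
    e[0] = 0x80;                                     /* active (bootable) */
    e[4] = 0x06;                                     /* type 06h: FAT16 */
    put_le32(e + 8, 63);                             /* first LBA */
    put_le32(e + 12, 2u * 1024 * 1024 - 63);         /* sector count */
    mbr[510] = 0x55; mbr[511] = 0xAA;
}

int main(void)
{
    uint8_t mbr[SECTOR_SIZE], hidden[PT_SIZE];
    build_sample_mbr(mbr);
    printf("stock disk: active partition %d\n", find_active_partition(mbr));
    hide_partition_table(mbr, hidden);
    printf("protected disk as seen by a diskette boot program: %d\n",
           find_active_partition(mbr));
    printf("modified MBR code after restore: %d (LBA %u)\n",
           restore_partition_table(mbr, hidden), partition_start_lba(mbr, 0));
    return 0;
}
```

A diskette boot program that reads sector 0 of the hard disk finds a valid boot signature but no usable partition entries, which is the effect the patent relies on; only the modified MBR code knows where the real table was put. The protection is against the attack described above, booting from removable media on the same machine; anyone who can read raw sectors with another system can still recover the table, so this is not a substitute for encrypting the data on the disk.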
At system power up, the processor begins system initialization
by transferring control to a program which verifies
the operational status of system memory and the basic input
and output operations of the system. Such programs are well
known and are generally called BIOS programs. Upon
completion of the BIOS program, the system may execute
BIOS extension programs which verify certain expansion
devices for the system or control may be transferred to a
system initialization file on a user's diskette or hard drive.
The system initialization file probably continues by verifying
that the user bringing up the system is authorized for use
of the system. If the user is authorized, installation of the
programs necessary for the operating system and the user
interface continues. Control is then transferred to the user
interface so the user may begin to select programs for
execution and use. If the user is not authorized for system
use, the system initialization program denies the user access.
After a predetermined number of attempts to gain access
have failed, the program aborts system initialization.

Preferably, the resource control system and method of the
present invention are implemented by an access control
program which is installed on the PC once a user is given
access to the system. The program is typically provided on
a diskette which is placed in the disk drive of a PC system.
The diskette is provided with an installation program which
creates a directory for the access control program on the
user's hard disk drive. The files containing the program
components are then copied into this directory. Part of the
installation procedure is to insert commands into a system
initialization file, such as the AUTOEXEC.BAT file, before
the command which activates an operating system or Windows
interface program. These commands activate the program
components of the access control program before the
operating system or Windows interface program is activated
at system initialization. After the access control program is
installed, the program requests the user to register as the
Primary User and to identify a password. This password is
used to identify the Primary User at subsequent logins. After
installation of the program and registration of the Primary
User, only the Primary User may thereafter install software
on the PC, upgrade the access control program or uninstall
the access program.

Now the Primary User may use the access control program
to add users, define the application programs accessible
for each user, and restrict the directories, drives,
communication ports and printer ports available for the
users. Additionally, the Primary User may allow selected
users to be able to exit the Windows interface program and
operate within the DOS environment.

To identify or add users to the PC, the Primary User
selects the manage users program component. This program
component causes a display of the Primary User's name and
any other users currently on the system. An exemplary
display is shown in FIG. 2. The Primary User may view a list
of authorized users in window 50. To add a user, the primary
user activates the new user function which causes the
display of FIG. 3 to appear so the primary user can enter the
user's name and resource parameters. The display of FIG. 2
also includes function buttons for deleting a user (54),
viewing or editing a user's profile (56), and closing the
manage user function (58). A help function (60) and hint
function (62) are also provided to facilitate the primary
user's use of the function. In response to the closing of the
manage users function, the access control program generates
a file of authorized user identifiers and, as each user supplies
a password, the file is updated with each user's corresponding
password. This file is used by the access control program
to limit access to the system to authorized users only.

By activating the view/edit function, the Primary User
may also then activate a folder corresponding to one of the
previously authorized users. Preferably, the folder is opened
by highlighting the user's identifier in window 50 and
clicking the mouse cursor over the view/edit function. An
exemplary folder for a user is shown in FIG. 3. As shown in
FIG. 3, the folder includes a window for the user's name
(70) and a private directory (window 72) for the user, if one
has been identified by the Primary User. The folder preferably
includes five tabs which identify the authorized
resources for a user. These tabs include main (74), groups
(76), icons (78), directories (80) and ports (82). The main tab
may identify a directory where a user may keep files
which are inaccessible to other users. If the Primary User
identifies a private directory in window 72, the access
control program creates the directory for the user.
The Primary User may also indicate whether the user's
password is to be reset (window 84), whether the user shares
the private directory with another (window 88), and whether
the user may leave the Windows environment to operate in the
DOS environment (window 86). A user must assign a
password to his or her user name at the first sign-in following
addition of the user's name to the user list; otherwise the
access control program does not give the user access to the
PC system. If the user's directory is going to be shared with
other users, the Primary User may specify whether the user's
private directory may be only read by others (window 90)
or whether others may be able to read and modify the
contents of files in the user's private directory (window 92).

Upon selecting the groups tab 76, the Primary User is
presented with a display of application program groups. An
exemplary display of application program groups is shown
in FIG. 4. Any of the application groups shown in the
left-hand window 100 entitled Groups Displayed for this
user are available to that user. Conversely, program groups
shown in the Groups Hidden from this user window 102 are
not available to that user. To move a program from one
category to the other, the user may use the mouse cursor to
highlight a program group and then click on the right
pointing arrow 104 to transfer the selected program group to
the Groups Hidden window 102, or the reverse may be
achieved by selecting a program group and clicking on the
left pointing arrow 106 to transfer the selected program
group to the Groups Displayed window 100. The double
arrow buttons 108 and 110 shown in the exemplary display
are preferably used to transfer all of the application groups
from one window to the other window. In response to
defining the program groups to be displayed and hidden, the
access control program generates a file identified by the
user's identifier which identifies a list of program groups
which are not displayed for user selection.

By activating the icons tab 78, the Primary User is
presented with a display of the program icons for the
previously selected program group. An exemplary display of
program icons is shown in FIG. 5. Again, the Primary User
may transfer programs from the Icons Displayed window
120 to the Icons Hidden window 122 or from the Icons
Hidden window 122 to the Icons Displayed window 120
using arrow functions 126, 128, 130 and 132 in a manner
similar to that discussed above with respect to FIG. 4. In
response to defining the program icons to be displayed and
hidden, the access control program generates a file identified
by the user's identifier which identifies a list of program
icons which are not displayed for user selection.

By activating the directories tab 80, the directories on the
system are displayed. The directories which may be
accessed by a user and those which are not accessible by a
user are shown in the display. An exemplary display for this
program component is shown in FIG. 6. Again, directories
and subdirectories may be transferred from the Directories
Available window 140 to Directories Restricted window 142
by the method described above with respect to the group and
icon windows. Certain directories in the Directories
Restricted window 142 cannot be made available to a user.
These directories are system directories for the operating
system or Windows interface program and the access control
program (which is identified in FIG. 6 as the C:\CONHIDE
directory). Other directories may be made available to a user
on a read only basis. While access to the other directories in
the restricted list is completely restricted, the status of these
directories may be changed by the Primary User. Preferably,
a stop sign 144 is used to indicate the directories for which
the restricted status cannot be changed, a lock symbol 146
is used to indicate restricted directories which cannot be
accessed by a user, and an open book 148 which is used to
identify the directories which are available to a user on a

These tables are maintained in memory with the program
components and remain active regardless of whether the
operating system or Windows interface program is executing
since the DPMI is used to make the memory in which the
program components are located accessible. When the program
components trap a request for a directory or port, the
I/O routine of the program component verifies that the
requested directory or port is authorized for the user currently
on the system.

In the Windows 95 environment, the access control program
modifies the registry file since this file is used to define
the computer resources which a user can access and which
the Windows 95 program accesses to generate displays of
program icons and program groups. Because Windows 95
performs its own user login procedure, the transfer from the
login procedure to the access program is done differently.
The login procedure in Windows 95 assigns the user a
default user registry file if the user cannot enter a password
that corresponds with a user's identifier or if the user aborts

read only basis. Preferably, directory identifiers are limited 20 login procedure. To prevent this default user from 

to 255 characters to comport with the restrictions on direc- gaining control of the system, the access control program 

tory path names imposed by the operating system or Win- modifies the default user profile in the registry file so the 

dows interface program. To restrict a user's access to a drive, default user is not authorized to use any system resources. If 

the drive is selected in the Drives Available window 146 and the user enters a corresponding password, however, the files 

the root directory for the drive appears in the Directories 25 identified by the user's identifier are used to define the 

Available window 140. The root directory may then be resources in the registry file. Since Windows 95 uses this file 

transferred to the Directories Restricted window 142 to to display program icons and program groups, the system 

make the drive unavailable for the user. In response to only displays the ones which the Primary User identified for 

defining the directories which may be accessed by a user, the the user through the access control program. The access 

access control program generates a file identified by the 30 control program may use an application program interface 

user's identifier which identifies a list of directories to which (API) to modify the registry system file in accordance with 

the user is denied access or whose access is limited to read the restricted list files generated by the access control 

only. program. 

By activating the ports tab 82, the ports program compo- The access control program may also include a function 

nent generates a list of the communication and printer ports 35 for limiting a user's access to a computer resource to a 

available on the system. An exemplary display is shown in particular time period. This time restriction may be defined 

FIG. 7. Those communication and printer ports which have for a program group, program, directory, or port. The access 

an "X" in the window next to a port identifier, such as time is stored in the corresponding file for the resource and 

COMl, indicate that those communication and printer ports is accessed by a program component at user login. If any 

have been restricted from use for that user. In response to the 40 resource has a corresponding access time, the program 

definition of these ports as being restricted or not, the access component retrieves the system time maintained by the 

control program generates a file identified by the user's system time function and compares system time to the 

identifier of ports to which the user is denied access. access time to determine whether the resource should be 

The restricted lists for the groups, programs, directories, displayed as being available for the user. In this way, the 

and ports are placed in files which are associated with a 45 Primary User may deny access to a games program group, 

user's identifier. These files are then used by the access for example, during afternoon hours when the user should be 

control program to modify system files when a user signs on using the PC to do his or her homework, 

the system. Specifically, after system initialization has been Preferably, the access control program is implemented by 

performed by the BIOS, control is transferred to the access three program components. One program component is 

control program. This program prompts the user for a user 50 loaded resident in memory to, preferably, allocate memory 

name and corresponding password. If the password and user space for a user and monitor memory access. This program 

name are verified, the files containing the lists of restricted allocates memory for a user and verifies that the attempted 

groups, programs, directories, and ports are read by the memory access is for a memory location in a memory space 

access control program. The access control program uses the authorized for the user. The second program component 

group and program lists to delete references to those files 55 loaded into memory preferably monitors operating system 

from the system files. In the Windows 3.x environment this and/or Windows calls to verify whether the requested 

is done by passing the lists to the dynamic data exchange resource is authorized for access by the user. The third 

(DDE) which causes the program manager to delete the program component preferably monitors BIOS calls to 

specified resources from the Group and INI files. Thereafter, verify whether the requested resource is authorized for 

the only group folders and program icons which are dis- 60 access at system startup. This program is used to detect boot 

played are those which were not deleted at user sign on. The programs which a user may try to use to gain control of the 

access control program also monitors caUs to the DDE and system at initialization. Although these functions may be 

program manager to prevent the restoration of deleted performed by a single program component, three program 

resources to the system files by a user The directory and port components are preferably used. Whenever one of the 

lists are used to generate tables for the program components 65 program components is activated for a verification function, 

of the access control program which control the I/O routines it communicates with the other two program components to 

that interface with the drives and ports of the PC system. verify they are still loaded and are operational. Thus, if a 
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user is able to find and modify one program component to ing to remove the hard disk protection program is authorized 

access unauthorized resources, the other two program com- to do so. The protection program identifier is written into the 

ponents detect the change. In response to a detected change, MBR program (Block 216). The boot record is then read 

the program component resets the system so that all three from the hard disk (Block 218) and the hard disk 
program components are reloaded from the hard disk to 5 information, such as disk size, sector size, etc., is retrieved 

memory to overwrite the changed program component. The ^^^^ ^he boot record and stored in the MBR program (Block 

TSR programs preferably used in the Windows 3.x compo- 219). The hard disk drive information in the boot record is 

nents environment are loaded into system memory at system corrupted (Block 220) and the boot record rewritten to the 

initialization. The VxD programs used in a Windows 95 ^^rd disk (Block 221). The MBR program is then written to 
system may be dvnamicaUy loaded anywhere in memory, lo ^^e address of the original MBR (Block 222) and the system 

When the user' logs off, the system maintains the same ^ ^e-initialized with the new MBR to install the hard disk 

tables and system files until another user tries to log on. If Pro^^^^jon program (Block 223). 

the user is verified, the file containing all of the system boot process perfonned m response to system start up 

resources is retrieved from the hidden location on the hard ^"^^^ modified MBR program is shown in 
drive. This file is used to restore the system files of the 15 FIG. 9. After BIOS has completed its imtialization with a 

system. Hie restricted lists for the user are then retrieved and terminaUon, the BIOS reads the MBR program 

these lists are used to delete group and programs from the execution, ^fhe modified MBR 

system files and to initialize the tables in the same manner P'^^^^^'^ ^ ^"f^"^* Petition table from the 

previously discussed. Altematively, a user may log off and ^^^^ (^^^^^ ^42) and loads them mto memory (Block 
power off the system, in which case, the system simply 20 244). The hard disk information in the modified MBR 

reboots upon the application of power by the next user. P^^g^^"^ ^^^"^ ^^^^ ^'^^^ '^^'^ (^^^^k 246) and 

™ . , . . , the boot record is stored in memory and executed (Block 

The access control program also includes a program 248). The operating system is loaded (Block 250) and the 

component lor preventing a boot program on the diskette ^ initialization batch file (AUTOEXEC.BAT in DOS 

drive from con roUmg the PC. The executable codefor this computers) is executed (Block 252). The execution of this 

component is stored in a file on the PC hard disk. When the T j *u * r *u * i 

n • jj c . t flic loads the program components for the access control 

Pnmary User installs this feature, the access control program • J:^ o„^tJL ,v . a 

..r. J ' * . J ri^M-Xr^^ J program into memory. System control IS then transferred to 

modifies and moves the master boot record (MBR) and rk«^««,„t „„ /t3i^«u ic/i\ tt, a - ♦ 

* ui *u u J J- 1 f* *u j u . the operating system (Block 254). Thereafter, interrupts to 

partition table on the hard disk. I hen modifies the boot ^^^^ intercepted by one of the program 

r«:ord so this component operates following the termination components which use the modified MBR program and 

of BIOS operation at system power up. * j * ui j u * j * f i 

^ J f f restored partition table and boot record to control access to 

The installation process for this program component is the hard disk, 

shown in FIG. 8. TTiat method begins by reading the first ^ter the hard disk protection program and access control 

sector of the hard disk (Block 200) to determine whether this p.^g,^^ ^ave been installed, the program and the access 
program component has been previously installed (Block 33 control program control access to the operating system and 

202). Preferably, this is done by determmmg whether a computer resources of the system. Upon system 

particular byte or group of bytes within the first sector has initialization, the BIOS executes and, at its termination, 

a predetermined value. If the component has been installed .^^^^^^^^ ^^^^ protection program, if installed. This 

previously, the mstallation stops. Otherwise, the installation program controls access to system resources during the 

program verifies whether the file in which the program remainder of system initialization and loads the operating 

stores a copy of the partition table already exists (Block .y.^^^ p.^^,,^ components for the access control 

^L'L^''^?' J?^ installation program deletes it p^gram. Control is transferred to the operating system and 

(Block 205) and stops. This is done to permit the hard drive p^g,^^ components of the access control program limit 

protection prograrn to be installed, if the user wants to add ^^^^ the resources identified in restricted lists as set 

It. Otherwise, the hard disk remains unprotected. fo.tj, above. If a user attempts to boot the system with a boot 

If the program determines that the hard disk protection program stored on media or a diskette drive, the boot 

program has not been previously installed or that any vestige program tries to use the hard disk interrupt to look at the 

of the program remain, it examines the partition table stored master boot record. In this case, the program is unable to 

on the hard disk (Block 206) to determine whether the gain sufficient information to search the hard disk and load 
system operating the disk is compatible with the protection 50 the operating system. If the hard disk protection program is 

program. For example, DOS and Windows partition a hard not installed, system initialization continues with the loading 

disk into four partitions while other operating systems of the operating system and the program components of the 

partition the disk differently. If the operating system is not access control program, however, the protection provided by 

supported then the installation terminates. Otherwise, the the hard disk protection program is not available. Control is 
program copies the MBR and partition table to a file (Block 55 then transferred to the operating system. '^Thereafter, the 

208). This process is repeated for any other hard disks for access control program intercepts interrupt service calls and 

which the user desires to install the protection (Block 224). verifies whether the user is authorized to access the 

Installation continues by searching the root directory of requested resource, 

the hard disk to locate the cylinder/track/sector address of While the present invention has been illustrated by a 
the file in which the MBR and partition table are stored 60 description of preferred and alternative embodiments and 

(Block 209). The file containing the MBR program is then processes, and while the preferred and alternative embodi- 

retrieved (Block 210). The address of the original MBR on menls and processes have been described in considerable 

the disk is stored for future reference and the original detail, it is not the intention of the applicant lo restrict or in 

partition table on the disk is encrypted and rewritten to the any way limit the scope of the appended claims to such 
disk (Block 212). Using a random number generator, an 65 detail. For example, a file identified by a user identifier may 

access number is generated and stored in the MBR program be generated which contains those resources for which a 

(Block 214). This is done to identify whether a user attempt- user is authorized to use. This list of resources may be used 
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to delete any reference to resources in a system file not 
contained in the file. Such additional advantages and modi- 
fications will readily appear to those skilled in the art. 
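The directory and port verification described above (a per-user restricted list, read-only directories, a whole drive restricted through its root directory, the 255-character path limit, and the optional access time window) can be illustrated with the following check. This is an added example in C, not code from the patent or its access control program; the list contents, the hour-based representation of the access window, and the function names are assumptions.

```c
#include <ctype.h>
#include <string.h>

/* What the restricted list says about a directory request. */
enum access { ACCESS_FULL, ACCESS_READ_ONLY, ACCESS_DENIED };

struct restriction {
    const char *dir;        /* DOS path; a bare root such as "D:\\" covers the whole drive */
    enum access level;
    int from_hour, to_hour; /* in force only for hours in [from, to); -1 = always */
};

/* Constructed restricted list for one user (hypothetical contents, not the
 * patent's own file format). */
static const struct restriction user_list[] = {
    { "C:\\CONHIDE", ACCESS_DENIED,    -1, -1 },  /* the access control program's own directory */
    { "C:\\WINDOWS", ACCESS_READ_ONLY, -1, -1 },
    { "C:\\GAMES",   ACCESS_DENIED,    13, 17 },  /* afternoon homework hours only */
    { "D:\\",        ACCESS_DENIED,    -1, -1 },  /* whole drive, restricted via its root */
};
#define N_RULES (sizeof user_list / sizeof user_list[0])

/* Case-insensitive test that `path` is `dir` itself or lies beneath it.
 * "C:\GAMES" must not cover "C:\GAMES2", so the character following the
 * prefix has to be a separator or the end of the path. */
int dir_covers(const char *dir, const char *path)
{
    size_t n = strlen(dir), i;
    for (i = 0; i < n; i++)
        if (toupper((unsigned char)dir[i]) != toupper((unsigned char)path[i]))
            return 0;              /* also stops early if path is shorter */
    return dir[n - 1] == '\\' || path[n] == '\0' || path[n] == '\\';
}

/* Is a time-limited rule in force at `hour` (0-23)?  A window may wrap past
 * midnight, e.g. from 22 to 6. */
int rule_active(const struct restriction *r, int hour)
{
    if (r->from_hour < 0)
        return 1;
    if (r->from_hour <= r->to_hour)
        return hour >= r->from_hour && hour < r->to_hour;
    return hour >= r->from_hour || hour < r->to_hour;
}

/* The longest (most specific) active rule wins, so a read-only tree inside a
 * denied drive, or a denied directory inside a read-only tree, both resolve. */
enum access lookup_access(const char *path, int hour)
{
    enum access result = ACCESS_FULL;
    size_t best = 0, i;
    for (i = 0; i < N_RULES; i++) {
        size_t n = strlen(user_list[i].dir);
        if (n > best && rule_active(&user_list[i], hour) && dir_covers(user_list[i].dir, path)) {
            best = n;
            result = user_list[i].level;
        }
    }
    return result;
}

/* The decision the trapping I/O routine makes for one request: 1 = pass the
 * call through, 0 = reject it.  Paths over 255 characters are rejected outright. */
int request_allowed(const char *path, int is_write, int hour)
{
    enum access a;
    if (strlen(path) > 255)
        return 0;
    a = lookup_access(path, hour);
    return a == ACCESS_FULL || (a == ACCESS_READ_ONLY && !is_write);
}
```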
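The installer's first decisions in FIG. 8 (Blocks 200 to 206: has the component already been installed, as shown by predetermined bytes in the first sector, and does the disk carry the four-partition DOS/Windows layout the program supports) can be written as checks over a 512-byte sector image. This is an added example, not the patent's own code; the marker bytes and their offset are constructed, and the sample sector is built in memory rather than read from a disk.

```c
#include <stdint.h>
#include <string.h>

#define SECTOR_SIZE   512
#define PT_OFFSET     0x1BE   /* classic four-entry partition table */
#define PT_ENTRIES    4
#define MARKER_OFFSET 0x1B0   /* ASSUMED: where the installed-marker bytes live */
#define MARKER_LEN    4

/* Constructed marker value; the patent names neither the bytes nor their offset. */
const uint8_t SAMPLE_MARKER[MARKER_LEN] = { 'C', 'H', 'D', 'P' };

static uint32_t rd32le(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
static void wr32le(uint8_t *p, uint32_t v) { p[0] = v; p[1] = v >> 8; p[2] = v >> 16; p[3] = v >> 24; }

/* Blocks 200/202: the "already installed" test, a predetermined byte group in sector 0. */
int marker_present(const uint8_t *sector, const uint8_t *marker)
{
    return memcmp(sector + MARKER_OFFSET, marker, MARKER_LEN) == 0;
}

/* Block 206: does sector 0 carry the four-slot DOS/Windows layout the installer
 * expects?  Each 16-byte slot is: boot flag, CHS start, type, CHS end, LBA
 * start, sector count.  Rejects a bad 0x55AA signature, an unknown boot flag,
 * more than one active slot, and overlapping slots (the usual symptom of a
 * corrupted table).  Returns 1 if plausible, 0 otherwise. */
int partition_table_plausible(const uint8_t *sector)
{
    uint64_t start[PT_ENTRIES], end[PT_ENTRIES];
    uint8_t type[PT_ENTRIES];
    int i, j, active = 0;

    if (sector[510] != 0x55 || sector[511] != 0xAA)
        return 0;
    for (i = 0; i < PT_ENTRIES; i++) {
        const uint8_t *p = sector + PT_OFFSET + 16 * i;
        if (p[0] != 0x00 && p[0] != 0x80)
            return 0;
        active += (p[0] == 0x80);
        type[i]  = p[4];
        start[i] = rd32le(p + 8);
        end[i]   = start[i] + rd32le(p + 12);
    }
    if (active > 1)
        return 0;
    for (i = 0; i < PT_ENTRIES; i++)
        for (j = i + 1; j < PT_ENTRIES; j++)
            if (type[i] && type[j] && start[i] < end[j] && start[j] < end[i])
                return 0;
    return 1;
}

/* Constructed first sector (not a real disk image): an active FAT16 partition
 * at LBA 63 and a second one after it, optionally overlapping the first. */
void build_sample_sector(uint8_t *sector, int with_marker, int with_overlap)
{
    uint8_t *p = sector + PT_OFFSET;
    memset(sector, 0, SECTOR_SIZE);
    p[0] = 0x80; p[4] = 0x06; wr32le(p + 8, 63); wr32le(p + 12, 32000);
    p += 16;
    p[4] = 0x06; wr32le(p + 8, with_overlap ? 20000 : 32063); wr32le(p + 12, 16000);
    if (with_marker)
        memcpy(sector + MARKER_OFFSET, SAMPLE_MARKER, MARKER_LEN);
    sector[510] = 0x55; sector[511] = 0xAA;
}

/* The installer's pre-checks on a constructed sector:
 * bit 0 = table plausible, bit 1 = marker already present. */
int precheck_sample(int with_marker, int with_overlap)
{
    uint8_t sector[SECTOR_SIZE];
    build_sample_sector(sector, with_marker, with_overlap);
    return partition_table_plausible(sector) | (marker_present(sector, SAMPLE_MARKER) << 1);
}
```

An installer following FIG. 8 would stop when bit 1 is set (Block 202) and terminate when bit 0 is clear (Block 206); only the value 1 lets it proceed to Block 208.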
What is claimed is:

1. A method for limiting a user's access to computer resources of a computer system, comprising:

relocating an original master boot record and an original partition table from a first location to a second location on a hard disk;

providing a corrupted master boot record and a corrupted partition table at said first location so that a program using the corrupted master boot record and said corrupted partition table is unable to initialize said system; and

using, via a security protection program, at system initialization said corrupted master boot record and locating, via the security protection program, said original master boot record and said original partition table at said second location to initialize said computer system.

2. The method of claim 1 further comprising the steps of:

controlling computer initialization using said relocated master boot record and said relocated partition table; and

installing a program component for controlling access to computer resources in a memory of said system prior to allowing a user to access said computer.

3. The method of claim 1 further comprising the steps of:

deleting hard disk information from a boot record; and

storing said hard disk information in said corrupted master boot record so that said hard disk information may be restored in said boot record prior to activating said boot record.

4. The method of claim 1 wherein said second memory location is determined from the steps of:

copying the original master boot record to a file during set-up of the security protection program;

searching the root directory of the hard disk to locate a cylinder/track/sector address of the file containing the original master boot record; and

storing the address of the original master boot record for reference by said corrupted master boot record.

5. A software-implemented system for controlling access to a hard disk during a computer system initialization comprising:

a modified master boot record written to a memory location on a hard disk corresponding to a location for an original master boot record;

a corrupted partition table written to a memory location on said hard disk corresponding to a location for an original partition table;

an original partition table stored to a location on said hard disk different from said corrupted partition table; and

a corrupted boot record written to a memory location on said hard disk corresponding to a location for an original boot record whereby said modified master boot record accesses previously stored information during system initialization to restore said boot record for system initialization.

6. The system of claim 5 wherein said modified master boot record loads a program component for controlling user access to computer resources before a user is provided access to a computer.

7. The system of claim 5, said modified master boot record including:

a protection program identifier so that installation of said modified master boot record may be verified.

8. The system of claim 5 wherein said corrupted partition table is encrypted.

9. The system of claim 5 wherein said stored disk information is removed from said original boot record.

10. A computer implemented method that prevents unauthorized access to a computer system, comprising the steps of:

moving an original master boot record from its original location to a non-standard location in memory;

creating a modified master boot record by storing a modified partition table in the modified master boot record that has different specifications than the original master boot record, said modified partition table containing specifications that prevent an operating system from booting from a diskette, thereby preventing access to computer system resources;

storing the modified master boot record at the location corresponding to the original location of the original master boot record; and

using said modified master boot record to control access to computer system resources.

11. The method of claim 10 wherein said non-standard memory location is an arbitrary memory location determined by a security protection program.

12. The method of claim 11 wherein said arbitrary location is determined from the steps of:

copying the original master boot record to a file during set-up of the security protection program;

searching the root directory of a hard disk to locate a cylinder/track/sector address of the file containing the original master boot record; and

storing the address of the original master boot record for reference by said modified master boot record.

13. A computer implemented method that protects a computer system from unauthorized access, comprising the steps of:

accessing a boot record of a hard disk;

changing the boot record data in a manner that prevents an unauthorized user from accessing the hard disk; and

storing information that enables the original boot record data to be restored by an access protection program.

14. The method of claim 13 comprising the steps of:

removing disk information from the boot record of the hard disk; and

storing information removed from said boot record in a manner that enables the original boot record data to be restored by the access protection program.

15. The method of claim 14 further comprising the steps of:

moving a master boot record to a non-standard memory location different than the original location for the master boot record;

creating a modified master boot record which is stored at the original location of the master boot record; and

storing information in the modified master boot record that enables the boot record to be restored by a security protection program.

16. The method of claim 15 wherein said non-standard memory location is an arbitrary memory location determined by the security protection program.

17. The method of claim 16 wherein said arbitrary location is determined from the steps of:

copying the master boot record to a file during set-up of the security protection program;

searching the root directory of the hard disk to locate a cylinder/track/sector address of the file containing the master boot record; and

storing the address of the original master boot record for reference by said modified master boot record.

18. The method of claim 17 further comprising the step of corrupting a partition table in a manner that prevents the computer system from booting.

* * * * *